aquasecurity / chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Apache License 2.0
718 stars 62 forks

Remove the need for write permissions, and/or use fine-grained permission tokens #119

Open sammcj opened 1 year ago

sammcj commented 1 year ago

At present the documentation states this needs full repo access; it would be advantageous to make this only require read permission scopes.

If this isn't possible, it should use the new GitHub fine-grained tokens, which provide improved permission scopes.

https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/

"It is required to provide an access token with permission to these scopes: repo(all), read:repo_hook, admin:org_hook, read:org"
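A practical way to check the point raised in this issue before handing a token to any auditing tool is to inspect what the token can actually do. The following is an added example, not code from chain-bench or from the issue author: it parses the `X-OAuth-Scopes` header GitHub returns on API calls made with a classic personal access token (for example `curl -sI -H "Authorization: Bearer $TOKEN" https://api.github.com/user`), expands the classic scope hierarchy, flags every scope that is write- or admin-capable rather than read-only, and reports which of the scopes quoted from the documentation above are missing. The header value in the block is constructed; the hierarchy is GitHub's documented one for classic scopes. Fine-grained tokens use per-repository permissions instead of these scopes, so this check applies to classic tokens only.

```python
"""Least-privilege check for a GitHub classic personal access token.

Added example, not part of the chain-bench project or this issue. Input is
the value of the X-OAuth-Scopes response header GitHub sends back for API
calls made with a classic token. The sample header below is constructed.
"""

# Classic-token scope hierarchy: granting a parent scope implies its children.
SCOPE_CHILDREN = {
    "repo": {"repo:status", "repo_deployment", "public_repo",
             "repo:invite", "security_events"},
    "admin:repo_hook": {"write:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
    "admin:org": {"write:org"},
    "write:org": {"read:org"},
    "admin:public_key": {"write:public_key"},
    "write:public_key": {"read:public_key"},
    "admin:gpg_key": {"write:gpg_key"},
    "write:gpg_key": {"read:gpg_key"},
    "write:packages": {"read:packages"},
    "project": {"read:project"},
}

# Scopes that only permit reading. Anything else is treated as write- or
# admin-capable and exceeds what a read-only audit should need.
READ_ONLY = {
    "read:repo_hook", "read:org", "read:public_key", "read:gpg_key",
    "read:packages", "read:project", "read:user", "read:discussion",
    "user:email",
}

# The scope list quoted from the chain-bench documentation in this issue
# ("repo(all)" is the plain `repo` scope).
DOCUMENTED_REQUIRED = ["repo", "read:repo_hook", "admin:org_hook", "read:org"]


def parse_scopes(header_value: str) -> set[str]:
    """Split a comma-separated X-OAuth-Scopes value into a set of scopes."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def effective_scopes(header_value: str) -> set[str]:
    """Granted scopes plus everything they imply (transitive closure)."""
    effective = set()
    pending = list(parse_scopes(header_value))
    while pending:
        scope = pending.pop()
        if scope in effective:
            continue
        effective.add(scope)
        pending.extend(SCOPE_CHILDREN.get(scope, ()))
    return effective


def write_capable(header_value: str) -> list[str]:
    """Effective scopes that grant more than read access, sorted for reporting."""
    return sorted(effective_scopes(header_value) - READ_ONLY)


def missing_scopes(header_value: str, required: list[str]) -> list[str]:
    """Required scopes the token does not hold directly or by implication."""
    have = effective_scopes(header_value)
    return sorted(s for s in required if s not in have)


if __name__ == "__main__":
    # Constructed header, as a token created for the documented scopes might report.
    sample = "repo, admin:repo_hook, admin:org_hook, read:org"
    print("write/admin-capable:", write_capable(sample))
    print("missing vs. documentation:", missing_scopes(sample, DOCUMENTED_REQUIRED))

    # A read-only token: nothing write-capable, but it does not satisfy the docs.
    read_only = "read:repo_hook, read:org"
    print("write/admin-capable:", write_capable(read_only))
    print("missing vs. documentation:", missing_scopes(read_only, DOCUMENTED_REQUIRED))
```

Run against a real header value, the second report shows exactly which documented scopes a read-only token lacks, which is the gap this issue asks the project to close; the first shows how much write capability the documented scope set hands over.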